Top Malware Reported in the Last 24 HoursFake WhatsApp Plus
Hackers are circulating a fake WhatsApp app, dubbed WhatsApp Plus, on the web. This malicious app is a variant of Android/PUP.Riskware.Wtaspin.GB, a fake WhatsApp riskware. The app is capable of stealing sensitive information from the infected smartphone and also install malware. The APK file of the app is in circulation online via comments on blogs and forums.NetSupport Manager RAT
Weakness in encryption in the LockCrypt ransomware has been identified by security researchers. The malware is spread via RDP brute-force attacks that must be manually installed. Since the hackers reused the buffer, their algorithm became vulnerable to a plain text attack.
Top Vulnerabilities Reported in the Last 24 HoursXSS Flaw found in IBM WebSphere Portal
An authentication bypass vulnerability has been discovered in identity-as-a-service platform Auth0. Exploiting this flaw would allow hackers to access any portal or application, which are using Auth0 service for authentication. The vulnerability has been mitigated as the affected libraries have been extensively rewritten. New versions of SDKs have also been released.Vulnerability in Linux Beep Command
A local privilege escalation vulnerability has been discovered in beep, an advanced PC speaker beeper. Beep allows the calling user to trigger those side effects even if they are not authorized to do so. Users needn't worry, as this tool doesn't exist in most of the modern day processors.